Privacy Policy

AppetiteMatch is a B2B service for licensed wholesale insurance brokers. We collect the following data, and only this data:

• Account data you provide on signup - your name, work email, and brokerage name.
• Submission content you upload - the ACORD PDFs and normalized JSON submissions you choose to triage. We store these so the dashboard can show you run history.
• Carrier appetite library you configure for your org.
• Usage metadata - submission counts, draft counts, send timestamps, quote-back timestamps.

• We don't sell your data, ever. Not to other brokers, not to carriers, not to advertisers.
• We don't train AI models on your submissions. Submissions you upload are sent to model providers (Anthropic via AWS Bedrock; Google Document AI for OCR) under their no-training enterprise terms.
• We don't use third-party analytics or tracking pixels on the authenticated dashboard.

We rely on the following infrastructure providers:

• AWS (Render-managed compute, Postgres, S3, SES) - hosting + outbound email
• Anthropic via AWS Bedrock - appetite scoring + email drafting
• Google Cloud (Document AI) - ACORD PDF field extraction
• Stripe - subscription billing
• Cloudflare - DNS + edge proxy

Submission and triage data are retained for the lifetime of your account. On account deletion, we hard-delete your data within 30 days. Backups are pruned within 90 days.

All traffic is HTTPS. Authentication uses HTTP-only cookies with SameSite=None+Secure. Service-account credentials are stored as encrypted environment variables on Render. We don't yet have SOC 2 - that's planned for the second half of 2026. If you need a DPA before purchase, email us.

Questions, deletion requests, GDPR / CCPA inquiries: privacy@appetitematch.com.